Back in August of last year Google officially announced that switching your website over to HTTPS will give you a minor ranking boost.
So it’s that simple, right? If Google says do it, then let’s do it.
For most companies this is exactly the right mentality, but it’s still important to understand what the difference is between HTTP and HTTPS, how to make the switch, and if making the switch is right for your company in the first place.
Ultimately, it’s important to ask yourself several questions: Why does Google prefer HTTPS for SEO rankings? What are the SEO benefits of HTTPS?
And also a word of caution: There are some SEO concerns to consider when changing to HTTPS.
HTTP vs. HTTPS: Understanding the Basics
No matter what side you are on—being the user of a website or developing your own site—a good online experience tends to involve a trusted third party and good encryption.
In order to understand how to achieve this and better understand why Google favors these website elements (and why you should too), it’s important to first learn the difference between HTTP and HTTPS. Below explains the basics of the two options:
HTTP: HyperText Transfer Protocol
Hypertext Transfer Protocol (http) is a system for transmitting and receiving information across the Internet. HTTP is an “application layer protocol,” which ultimately means that its focus is on how information is presented to the user, however, this option doesn’t really care how data gets from Point A to Point B.
It is said to be “stateless,” which means it doesn’t attempt to remember anything about the previous web session. The benefit to being stateless it that there is less data to send, and that means increased speed.
When is HTTP beneficial?
Http is most commonly used to access html pages, and it is important to consider that other resources can be utilized through accessing http. This was the way that most websites who did not house confidential information (such as credit card information) would setup their websites.
HTTPS: Secure HyperText Transfer Protocol
HTTPS, or “secure http”, was developed to allow authorization and secured transactions. Exchanging confidential information needs to be secured in order to prevent unauthorized access, and https makes this happen. In many ways, https is identical to http because it follows the same basic protocols. The http or https client, such as a Web browser, establishes a connection to a server on a standard port. However, https offers an extra layer of security because it uses SSL to move data.
For all intents and purposes, HTTPS is HTTP, it’s just the secure version.
To get technical on you, the main difference is that it uses TCP Port 443 by default, so HTTP and HTTPS are two separate communications.
HTTPS works in conjunction with another protocol, Secure Sockets Layer (SSL), to transport data safely (which is really the key difference that Google cares about).
Remember, HTTP and HTTPS don’t care how the data gets to its destination. In contrast, SSL doesn’t care what the data looks like (like HTTP does).
That is why HTTPS really offers the best of both worlds: Caring about what the user sees visually, but also having an extra layer of security when moving data from point A to point B.
An Extra Note: People often use the terms HTTPS and SSL interchangeably, but that isn’t accurate. HTTPS is secure because it uses SSL to move data. The technicalities can seem complicated, so visit here if you need more detailed information. For most companies, understanding that https is more secure than http is enough.
HTTPS and Google’s Opinion
It shouldn’t come as a surprise that Google prefers sites that are trusted and certified.
This is because users can be guaranteed that the site will encrypt their information for that extra level of security. However, you should understand that getting a certificate can be an involved task (which is why it allows for higher ranking benefits).
Breaking it down: When a site goes through the motions of obtaining a certificate, the issuer becomes a trusted third party. When your browser recognizes a secure Web site, it uses the information in the certificate to verify that the site is what it claims to be. A user who knows the difference between HTTP and HTTPS can now buy with confidence, and thus, businesses can get started in electronic commerce because of this credibility.
With the announcement I addressed in the beginning, Google is now using HTTPS as a ranking signal. It is pretty clear from data analysis that HTTPS sites have a ranking advantage over http-URLs so this switch will now benefit all companies, confidential information or not.
To get a little bit more detailed, data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:
- Encryption. Encrypting the exchanged data to keep it secure.
- Data Integrity. Data cannot be modified or corrupted during transfer without being detected.
- Authentication proves that your users communicate with the intended website.
Google claims that websites who use HTTPS will have a small ranking benefit because of these security aspects.
Still, HTTPS sites will only have the benefit of a “very lightweight signal” within the overall ranking algorithm, carrying less weight than other signals such as high-quality content.
According to Search Engine Land, Google said that based on their initial tests the HTTPS signal showed “positive results” in terms of relevancy and ranking in Google’s search results.
That same article predicted that this may change eventually, and Google may decide to strengthen the signal, or give more ranking benefit to HTTPS sites because they want to keep online users secure.
SEO Advantages of Switching to HTTPS
It is clear that HTTPS offers security, so it is definitely the choice to put you in Google’s good graces. There are also some additional SEO benefits for you to consider.
- Increased rankings.
The obvious one. As stated, Google has confirmed the slight ranking boost of HTTPS sites. Like most ranking signals, it is very hard to isolate on its own, but this is still something to keep in mind. On the plus side, the value of switching to HTTPS is very likely to increase over time.
- Referrer Data.
When traffic passes to an HTTPS site, the secure referral information is preserved. This is unlike what happens when traffic passes through an HTTP site, and it is stripped away and looks as though it is “direct.”
- Security and privacy.
HTTPS adds security for your SEO goals and website in several ways:
- It verifies that the website is the one the server it is supposed to be talking to.
- It prevents tampering by third parties.
- It makes your site more secure for visitors.
- It encrypts all communication, including URLs, which protects things like browsing history and credit card numbers.
So Are There Any SEO Concerns in Switching to HTTPS?
You really shouldn’t be concerned with switching from HTTP to HTTPS in terms of SEO. Google has been telling webmasters it is safe to do so for years. However, you do need to go through the motions to ensure your traffic doesn’t suffer.
Make sure to communicate to Google that you moved your site from HTTP to HTTPS.
Google has provided the following tips for best practices when switching to HTTPS:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Check out our site move article for more guidelines on how to change your website’s address
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the no index robots meta tag.
- Google has also updated Google Webmaster Tools to better handle HTTPS sites and the reporting on them.
- Track your HTTP to HTTPS migration carefully in your analytics software and within Google Webmaster Tools.
In addition to the Google Support resources, I highly recommend reading a condensed introduction to HTTP/HTTPS and some tips on changing over to SSL/HTTPS here before getting started.
This is usually something an IT professional can get done quickly, but it can sometimes be overwhelming for someone who may not have an IT background.
Below is a quick list of steps to get an outline of the process:
- Provide your CSR: You need to generate a Certificate Signing Request (CSR) on your webserver.
- Select the server software used to generate the CSR.
- Select the hash algorithm you prefer to use.
- Select the validity period for your Certificate.
Note: You will be licensed to use this Certificate on an unlimited number of servers. It is beneficial to work with a company that establishes SSL connections, as this is all automatically generated once you input information.
The clear conclusion here is that switching to HTTPS will help you stay in good graces with Google. Along with all of the SEO benefits we discussed (which are only going to increase), HTTPS is a far more secure system for your website to operate. Security for your site and your users is the most important aspect of making the switch from HTTP to HTTPS.
HTTPS is not only good for security but also for referrer data and other SEO strategies. When looking at the issue holistically and considering the future of what Google is likely to do with HTTPS, I recommend switching over to HTTPS, ASAP, to keep up with Google.
Have you recently switched over to HTTPS and seen any results? Have you run any analyses to see if this switch to HTTPS is helping your SEO? We would love to hear about your experience, so let us know in the comments section below.